The ever-increasing power of computers that is helping the
internet to grow is also threatening its future. That was the
warning delivered byTim Berners-Lee, the
inventor of the web, and online security specialists at the Houses
of Parliament in London last week. This article was originally
published on
NewScientist.com.Their concerns are centred on
deep packet inspection (DPI), a technique that
makes it possible to peer inside packets of data transmitted across
the internet.
DPI is already being used for commercial gain, without the
consent of users, said Richard Clayton, a security expert at the
University of Cambridge and treasurer of the
Foundation for
Information Policy Research. Companies try to sell DPI-acquired
data to firms that can use it – for example, to
target online adverts. DPI is also used by the
Chinese government to enforce its web censorship programme,
sometimes called the
Great
Firewall of China.
Lives, hates and fears
Berners-Lee has no issue with targeted adverts, which he said
offered online users an improved service, but is uncomfortable with
using DPI to provide them. He likened DPI to wiretapping, and
pointed out that companies could use it to learn a huge amount
about our "lives, hates and fears". One example he gave was that
the web is often the first point of call for people with health
concerns.
DPI has become possible thanks to improvements in computing
power, said Robert Topolski, Chief Technologist of the
Open
Technology Initiative. That allows internet servers to relay
data and simultaneously snoop inside data packets. Until recently
that was beyond the capabilities of the available technology.
DPI threatens the trust that exists between web users and
internet service providers, Topolski said. It makes it possible for
a "man in the middle" not directly accountable to a website's
operators or its users to intercept and use data sent over the
internet, from details of purchases made online to messages shared
on social sites, he explained.
Topolski pointed out that this is very different from the
widespread practice of monitoring online activity such as search
terms, with the user's consent, to offer similar targeted
adverts.
Protection protocols
This week Google
revealed its own targeted ads service. Crucially
that service is opt-in rather than opt-out: consumers have to
sign up before they can use it.
Kent Ertugrul, CEO of the digital technology company
Phorm, defended the
use of DPI. Phorm sells information gleaned this way to internet
service providers in the US and UK who wish to deliver targeted
adverts, but Ertugrul claims his firm's privacy protection
protocols are unrivalled. Phorm strips user data of anything that
could link it to an individual in the real world, he says.
But Topolski dismissed this as a side issue. Phorm captures
people's private data without permission, before those protection
filters are implemented. Because companies like Phorm are
accountable only to their shareholders, this leave the privacy of
users and their data compromised, he said.
Clayton and other members of the discussion group said DPI
should be tested against existing data-protection and privacy laws,
before it becomes more widely used. This would either establish
precedents that protect web users, or make it clear that new
legislation is needed, they said.